Cookie Based SAML Authentication

Cookie based SAML authentication can be used to request for user's previous session. Even in case the user's session is expired, the result will be returned based on cookie that stores user's session token.

To use it, Service Provider needs to follow these steps:

Send saml request with IsPassive attribute set to true and authentication context set to PreviousSession uri.
Example:

Handle SAML response. Two kind of responses can be returned after sending valid request. The first one is successful response for valid cookie token (not expired, existing and with correct token). Example (note that AuthnContextClassRef has PreviousSession uri and response has no SessionIndex defined):